Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name CVE-2022-2441 First vendor Publication 2023-10-20
Vendor Cve Last vendor Modification 2023-11-07

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Overall CVSS Score 8.8
Base Score 8.8 Environmental Score 8.8
impact SubScore 5.9 Temporal Score 8.8
Exploitabality Sub Score 2.8
 
Attack Vector Network Attack Complexity Low
Privileges Required None User Interaction Required
Scope Unchanged Confidentiality Impact High
Integrity Impact High Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'cli_path' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to run arbitrary commands leading to remote command execution, granted they can trick a site administrator into performing an action such as clicking on a link. This makes it possible for an attacker to create and or modify files hosted on the server which can easily grant attackers backdoor access to the affected server.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2441

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-352 Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

Sources (Detail)

Source Url
MISC https://github.com/orangelabweb/imagemagick-engine/blob/1.7.4/imagemagick-eng...
https://github.com/orangelabweb/imagemagick-engine/blob/v.1.7.2/imagemagick-e...
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&re...
https://www.exploit-db.com/exploits/51025
https://www.wordfence.com/threat-intel/vulnerabilities/id/b1f17a83-1df0-44fe-...
https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-2441

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2023-11-07 21:27:32
  • Multiple Updates
2023-10-28 00:27:36
  • Multiple Updates
2023-10-20 17:27:22
  • Multiple Updates
2023-10-20 13:27:23
  • First insertion